IO River Embraces Wasm to Enable Any WAF to Run on Any CDN
IO River this week revealed it is leveraging the portable WebAssembly (Wasm) binary instruction format to make it possible to deploy any web application firewall (WAF) on a content delivery network (CDN).
Starting with running the Check Point WAF on the Akamai CDN service, the overall goal is to eliminate the need to acquire and deploy a specific WAF for each CDN. Instead, cybersecurity teams can install the WAF they prefer on any CDN to reduce total costs.
IO River CEO Edward Tsinovoi said that approach also enables cybersecurity teams to streamline workflows by enforcing existing WAF policies on CDN traffic without having to backhaul it through a platform where their preferred WAF is running.
Originally developed for browsers, Wasm is now being advanced as a standard for enabling portability by consortiums such as the Bytecode Alliance. While Wasm adoption remains relatively sparse, it provides an ideal specification for preventing underlying infrastructure from dictating what services are allowed to be deployed, noted Tsinovoi.
It’s not clear how many cybersecurity teams are looking to centralize the management of WAFs on an end-to-end basis, but many of them have already licensed one or more. A recent Futurum Group survey found that well over a third of respondents (35%) work for organizations that plan to make some type of investment in application security in the next 12 to 18 months. At the same time, many organizations are also embracing a platform-centric approach to cybersecurity to reduce the number of tools they might otherwise need to manage.
IO River already provides the ability to import every rule, cache, and policy automatically into a single serverless computing platform. The company is now essentially making a case for a mechanism to extend the reach of an existing WAF to the network edge without having to acquire, deploy and manage a separate WAF provided by a CDN provider.
The issue that cybersecurity teams encounter is that there may not be enough resources available to deploy WAFs from multiple vendors, noted Tsinovoi.
As more applications are deployed at the network edge using a CDN, the need for a WAF has never been more critical. Many organizations are pushing application workloads, especially in the era of artificial intelligence (AI), closer to where data is being created and consumed. That approach enables endpoints to invoke applications in a way that ultimately reduces network latency. The challenge, of course, is that as applications become more distributed, the overall size of the attack surface that needs to be defended increases.
Hopefully, there will come a day soon when AI and automation frameworks make it simpler to secure attack surfaces that now span endpoints, cloud services and everything in between. In the meantime, however, cybersecurity teams should be revisiting their overall approach to application security as the tactics and techniques being employed by cybercriminals continue to evolve in ways that exploit weaknesses in code and application programming interfaces (APIs) rather than continuing to focus mainly on exploiting endpoint and network misconfigurations.
